Tag Archive for FOI

Will FOI be humbled?

The Cabinet Office

FOIMan gazes into his crystal ball to see what will result from the government’s response to the House of Commons’ Humble Address.

Amongst everything else that happened this very unusual week (although aren’t they all lately), the House of Commons made a ‘humble address’ to the Government requesting access to a document outlining plans for a no-deal Brexit, and perhaps more controversially, communications between certain named civil servants and special advisers relating to the prorogation of Parliament. These communications were to include those in private email accounts, WhatsApp, text messages and various other cited forums.

Late on Wednesday, Michael Gove in his capacity as Chancellor of the Duchy of Lancaster (and therefore in charge of the Cabinet Office and no-deal planning – and come to that, government FOI policy), wrote to the instigator of the humble address, Dominic Grieve, refusing to provide the communications. He argued that it was an improper use of the humble address mechanism to seek such communications of officials. He further suggested that this information would be exempt under FOI, mentioning section 35 (formulation of government policy) and section 36 (specifically maintenance of ministerial collective responsibility), and concerns about breaching the Data Protection Act (as others have pointed out, it would be the General Data Protection Regulation that would potentially be breached, but that’s an academic point in this regard).

A humble address is not an FOI request. And with Parliament prorogued, it is difficult to know what Dominic Grieve and colleagues can do about the Government’s effective partial refusal. So what happens next? And is it going to prove possible for the communications to be disclosed? I’ve polished my crystal ball to gaze into the future. A caveat – all of the following assumes that a political deus ex machina fails to come to the rescue. And assumptions in the current climate are, of course, hugely dangerous… But excepting a change in government or similar that results in a more sympathetic ear to this request, here are my predictions.

First, even if Dominic Grieve hasn’t followed up with an FOI request for the refused communications, I’m sure that the Cabinet Office is right now receiving a deluge of almost identical requests asking for them.

Second, the Cabinet Office will (eventually, as they will almost certainly delay responding to after the 20th working day) refuse these requests claiming variably that they are vexatious (poor harassed Dominic Cummings); exceed the cost limit;  and claiming a) the communications are not held, and b) that even if they were, they are exempt under s.35 and/or s.36, or that disclosure would breach data protection laws so they are exempt under s.40(2) of FOIA. It is very easy to challenge the arguments that they will use (see below), but that won’t stop them.

Third, several requestors will (having had no luck with an internal review), complain to the Information Commissioner. The Information Commissioner will discard the vexatious argument (as long as you haven’t been too rude) and the cost argument. We’ve seen before what happens when Michael Gove’s officials use private channels to communicate about their work – so the Information Commissioner would rule that the communications were held as long as they related to government business (which the discussion of prorogation clearly is). Anything not related to the conduct of government business would be excluded so many of the privacy concerns raised by Mr Gove will not be at issue (Gove suggests in his letter that compliance with the humble address would require some sort of intrusive intervention, but as the Commissioner indicated in the decision I’ve alluded to here, and in her guidance, such a search would merely involve asking the individual concerned to supply relevant correspondence – there is no question of anyone else searching through their private communications).

In respect of the communications which are judged to be ‘held’ for the purposes of the request, it is certainly the case that communications will be or contain personal data of the individuals listed in the humble address. However, data protection laws do not prevent disclosure of personal data in all circumstances. Public authorities are expected to consider if there is a legitimate interest in disclosure of the requested data (in this case, Michael Gove himself alludes to the ‘legitimate desire from Parliamentarians on all sides to understand the impact that leaving the EU without a deal would have’ and there is an obvious legitimate interest given the controversy around prorogation of Parliament, including accusations that the Prime Minister lied to the monarch, in the public being able to find out for themselves what the truth of these allegations may be); whether disclosure is necessary to meet that interest (there isn’t another way to find out how and why this decision was reached); and whether the rights and interests of affected individuals override the identified legitimate interest (highly unlikely – these are senior high profile officials who should expect to have their work scrutinised – it’s part of the job). It therefore seems unlikely that disclosure of the requested communications would breach GDPR, so the Commissioner will rule that the personal data exemption does not apply to some (at least) of the communications. The arguments in favour of s.35 and/or s.36 will probably be harder to discount. The exemptions are relatively easy for a determined government department to apply – s.35 is phrased so broadly that it is easy to show that communications fall within its scope. The use of s.36 turns on the opinion of a Minister being ‘reasonable’ – something which whilst it’s easy to snigger at, is easier to demonstrate in law. However, both s.35 and 36 are subject to a public interest test. In the circumstances (and for pretty much the same reasons as there is a legitimate interest in disclosure of personal data), it seems likely that the Commissioner would plump for disclosure of at least some of the communications described. The Commissioner will issue a decision notice to this effect.

There is a risk during this period that the communications are deleted, the officials concerned claiming that they didn’t realise they were subject to FOI. This would put them at risk of prosecution under s.77 for deliberately destroying information which is subject to a current request. However, it is very difficult to successfully prosecute under this provision as the Commissioner would have to demonstrate that the deletions were a deliberate act, designed to thwart the FOI requests, within 6 months of them happening. Despite undertaking several times to make it easier for the Commissioner to prosecute, the government has failed to make this change.

Assuming the Cabinet Office doesn’t suddenly claim that the communications have mysteriously disappeared, their next step will be to veto disclosure. Of course they could just appeal to the First-Tier Tribunal (FTT), but following the Independent Commission on FOI’s report in 2016, the government (in the guise of Matt Hancock at that time) undertook to only use the veto after the Commissioner had ruled, and before any Tribunal involvement, so that the executive would not be seen to be overruling the judiciary.

Beyond this, if anyone still cares (which they might on a point of principle), there may be a judicial review of the use of the veto. Given the ruling of the Supreme Court in the ‘Black Spider Memos’ case in 2015, it would not be surprising if the government lost. Several times. Those who can think back that far will recall that the Supreme Court’s ruling resulted from an appeal against the application of the ministerial veto by the then Attorney General, a certain…Dominic Grieve. Ironically then, Dominic Grieve’s defeat in the past may well help him win in the future. It’s like something from science fiction.

By now, the Cabinet Office (or Boris’s feted SPADs) will be calculating, the year is 2025 (at least). In this dystopian future, nobody gives two hoots whether Nikki da Costa (or whoever) thought closing Parliament for five weeks 6 years before was once considered a sensible option.

It may well be that in this scenario, Parliament and the Freedom of Information Act have been shown to be toothless in their scrutiny of the government. I’m hoping someone sees a flaw in my reasoning above and there is a way to force the Cabinet Office to provide these communications whilst they are still useful to ongoing debate. By rights it seems they should be disclosed – at least in part – but by the time anyone is able to enforce that on a reluctant government, it will in all probability be too late to help anyone save historians of these ‘interesting times’.

Upcoming events: Autumn 2019

FOIMan highlights events he will be speaking at in Autumn 2019.

Paul speaking at podium

Paul speaking at IRMS 2019 conference (© Alison Drew 2019)

Last week I ran a workshop at the IRMS Public Sector Group on the relationship between FOI and records management. It was great fun and thanks again to Elizabeth Barber and Sarah Graham for inviting me, and to everyone who was there for taking part so enthusiastically. I’m hoping to return to speak at the PSG again later in the year, so watch this space.

I thought I’d highlight some other forthcoming public events that I’ll be speaking at. In addition to the below, don’t forget you can bring me to your organisation to deliver training, workshops and briefings – get in touch for a quote if that’s of interest. And I’m always willing to consider invitations to speak at free-to-attend industry/professional events, so just let me have details if you are looking for a speaker.

Please note that all links below are to external sites that I have no control over. Should you have any questions about these events or courses, or the websites, please get in touch with the relevant organisation.

12 September: I’ll be chairing a workshop on Effective Records and Information Management in Edinburgh. Understanding Modern Government are offering a £50 discount off the normal rates to readers of this blog. To obtain the discount follow the relevant link below and complete the company’s form.

Charity/Education/Local Gov/ Health £345.00+VAT

Central Gov – £395.00+VAT

Private Sector – £445.00+VAT

27 September: ‘The Linchpin: the role of Freedom of Information Officers in opening up the UK’s public authorities’, free ODI Fridays talk at the Open Data Institute

10 October: Effective Records and Information Management in London

7 November: Handling Subject Access Requests (private sector focus) for UMG Training in London

19 November: Handling Subject Access Requests (public sector focus) for Understanding Modern Government in Manchester

28 November: Excel at handling Freedom of Information requests for Understanding Modern Government in London

 

What we don’t know

FOIMan explains why some truths we cling to about the UK’s FOIA are not quite what they seem.

A few months ago I was delivering some FOI training to a local authority (always available at competitive rates, folks!). I was explaining how far council officers were expected to go when searching for information to answer an FOI request. In particular I stated that if it was known that information had been deleted but still potentially existed on a backup, the backup should be searched.

The council’s FOI officer cautiously picked me up on my assertion. They had, they told me, had a written statement from the Information Commissioner’s Office (ICO) that contradicted me. So surely I was wrong?

The truth is that despite what we are often led to believe, there are some aspects of FOI law that are not certain. The legal system has not yet settled on the ‘right’ answer. This is the case when it comes to debates about information held on backups and whether it is considered held. In the example above, neither I nor the ICO are technically wrong; but then strictly speaking we’re not right either. We’re both interpreting the existing law, and both interpretations are arguable.

This is because English law revolves around the concept of precedent. But precedent can only be set by courts that make a decision beyond a certain stage. In a recent Upper Tribunal decision (LO v Information Commissioner, [2019] UKUT 34 (AAC) (29 January 2019)), Judge Jacobs was critical of the Information Commissioner for treating decisions of the First-Tier Tribunal (FTT) as ‘authoritative statements of the law’. Strictly speaking, they’re not. When it comes to backups, we only have rulings of the FTT to go on, so there is no definitive answer yet on that issue. Interestingly, on this issue, the ICO choose not to accept the FTT’s approach without question in their guidance.

My latest piece for PDP’s Freedom of Information JournalWhat we don’t know (which you can access here) – looks at this issue in more depth – looking at the backups query, but also a couple of other questions which have not yet been answered definitively – perhaps surprisingly. You’ll see that there are disputes between the ICO, the FTT and the s.45 Code of Practice which will only be resolved if those matters reach the Upper Tribunal. It ends by asking what questions you may have about FOIA or the EIRs – as I’ve mentioned before, we’d like to answer some of your conundrums in a future issue of the Journal.

London councils: how good are they at FOI?

FOIMan highlights a new report from the Campaign for FOI on good practice – and whether London councils are meeting it.

The Campaign for FOI has conducted research into the way London local authorities meet their FOI obligations – and has found a mixed picture. They found that:

  • whilst some councils answered almost all requests within 20 working days in 2017-18, three quarters of them failed to meet the ICO’s expectation of 90% answered on time, and seven councils answered on time less than 70% of the time
  • some councils even ignored the ICO’s interventions
  • a third of councils did not publish FOI stats as of December 2018, and very few councils publish figures on refusals
  • four councils do not publish an email address that applicants can use to make requests, instead insisting that requests are submitted via a form, and half of councils do not publish a telephone number so that applicants can ask for advice
  • two-thirds of London councils do not have a disclosure log
  • some councils reported having no internal guidance on FOI, and only a handful published their guidance on their website
  • some council guidance contained errors such as suggesting that staff could charge applicants.

The report makes 14 recommendations including quarterly publication of statistics (which is in any case what is required now under the new s.45 code), that the ICO be clear with authorities that they could face enforcement action, that stats, internal guidance and disclosure logs be published, and that authorities be more helpful to applicants. The full report can be read via the Campaign for FOI’s website (and you may want to consider donating to the Campaign if you find the report interesting).

If you’re working for a council and struggling with FOI, you will find The Freedom of Information Officer’s Handbook addresses all of these issues. You can, of course, also get in touch for training and for help with revising FOI policies and procedures – if that’s of interest, drop me a line.

Openness by Design: less fluff please

FOIMan comments on the ICO’s new draft FOI strategy ‘Openness by Design’.

A few weeks ago the ICO published its draft strategy for FOI and access to information over the next three years. It is still open for consultation until 8 March so if you have a view on the strategy, make sure you submit a response.

I’ve been reading it with a view to doing the same, but I thought I’d make some initial comments here.

The strategy focuses on five priorities:

  • Work in partnership to improve standards of openness, transparency and participation among public authorities in a digital age.
  • Provide excellent customer service to members of the public and public authorities and lead by example in fulfilling our statutory functions.
  • Raise awareness of access to information rights and make it even easier for the public to exercise their rights.
  • Promote the reform of access to information legislation so it remains fit for purpose.
  • Develop and sustain our international collaboration.

It’s hard to disagree with these statements of intent but that’s because they’re pretty bland – with a few tweaks they could have been copied and pasted from pretty much any corporate strategy document (the Scottish Commissioner’s strategic plan for 2016-2020 lists some very similar priorities, but they are worded more specifically). It would be good to see something more meaningful being promised. There are certainly opportunities to do more on FOI so it is not that there is nothing to say.

The more detailed exploration of these strategic goals is more enlightening. There are some hints of changes in approach (such as the collection of ‘systematic feedback’ from applicants and authorities). Strategic priorities are listed. The most striking of these are plans to develop a self-assessment toolkit; assessing the feasibility of transparency impact assessments along the same lines as Data Protection Impact Assessments; promoting digital means to enhance transparency; and building the case for changes to FOI (see my last post for more on that).

Much of this is laudable in principle but is a bit, well, er…fluffy. Do we really need the ICO to develop a ‘service charter’ to improve matters? If money is tight on the FOI side why is so much attention given to international relationships (I appreciate I’m starting to sound like the ERG here, but it’s a fair question)? Given the volume of requests that many authorities are struggling with, should the ICO really be devoting more of its scarce resources to increasing awareness amongst the public of FOI (it is part of the Commissioner’s statutory role to do that, but is it a priority over other things at present?)?

Come to that, why only ‘assess the feasibility’ of impact assessments? The Commissioner has been talking about them for almost a year so shouldn’t they have assessed the concept already? The few concrete ideas mentioned in the strategy seem to involve adding extra red tape to the FOI and openness process – whether it be impact assessments or self-assessment toolkits.

There’s lots of talk of ‘working in partnership’ with stakeholders, ‘using feedback’ and ‘develop engagement channels’. But aren’t the ICO already doing this? Some of the priorities outlined are so vague and amorphous that it is hard to know what they really mean.

One of the things that struck me when I was researching The Freedom of Information Officer’s Handbook was how little support practitioners get in doing their jobs. The ICO rightly points out that FOI’s benefits are not always recognised by public authorities, and that too much energy is spent on complaining about its cost. But my concern is that this strategy in its present form is not going to help win practitioners and their colleagues over, nor help them to improve their performance.

And there are specific and measurable things that the ICO could do to help practitioners and foster a more positive attitude to openness.

For a start, look at the Scottish Commissioner’s Office. I’m sure they’re not perfect, and they don’t have as wide a remit, nor is their constituency as large. However, with the limited resources they have they do a lot. The UK ICO could do worse than to look at the things they do:

  • collect and publish FOI stats– at the very least I’d like to see some solid commitments to enforcing the new code of practice requirements on authorities to publish these (the Commissioner talked about looking at the publication of statistics in the same speech a year ago in which she discussed impact assessments, so shouldn’t they have some meaty ideas by now?)
  • publish more guidance on the practicalities of FOI compliance (there is a mention of this in the strategy to be fair to the ICO)
  • highlight the learning from recent decisions in accessible ways, such as the Scottish ICO’s weekly round-ups and associated tweets
  • be seen to take on even the most powerful public authorities if they are not cooperating. I don’t need to bang on about certain government departments as plenty of others better placed than me to comment (as here and here) have done that. I understand that sometimes there may be more effective means than formal action to move things on, but it would be good if this strategy gave some indication of a new approach and what the ICO is prepared to do in the face of intransigence.

In short, practitioners need more concise and usable guidance; they need practical assistance; they need to be able to compare their performance to others; they need to know that if they tell their colleagues that they should comply, that they won’t look silly when government departments are let off the hook.

The ICO claim that one of their values is to be ambitious. I think they should put more emphasis on being ‘service focussed’ and in particular provide some more quality support for practitioners. Without educated and empowered practitioners, everything else in FOI falls apart. At the same time, where an authority is not playing ball, there needs to be less partnership and more confrontation. Get the basics right and everything else will follow.

The above comments may be unfair criticism of what is intended to be a high level declaration of intent. However, whether it be here or elsewhere, the ICO need to demonstrate that they are going to promote and enforce FOI compliance in a more practical and active way.